Microsoft, Adobe: PDF security flaw treatable

Recently released Microsoft toolkit can be used to plug "critical" security hole in Adobe Systems' all-but-ubiquitous Reader and Acrobat software.

Edward Moyer Senior Editor

Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.

Credentials

Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.

See full bio

Edward Moyer

Sept. 11, 2010 4:48 p.m. PT

2 min read

Microsoft and Adobe Systems have announced that a recently released Microsoft toolkit can be used to block zero-day attacks targeting a security flaw in Adobe's Acrobat and Reader programs.

In an advisory published Friday, Microsoft detailed how its Enhanced Mitigation Experience Toolkit 2.0 could be used to short-circuit the threat. Adobe, which has not yet released a patch, updated its original advisory to reflect the new information.

Adobe considers the flaw to be "critical"--it could let an attacker take control of any of the millions of computers running what is far and away the most popular PDF (portable document format) viewing system.

On Thursday, security company Trend Micro said it had found malicious files in the wild related to the flaw.

In its advisory, Microsoft says the following:

"In order to enable EMET for Adobe Reader and Acrobat you have to install EMET and run the following simple command line as an Administrator. Please note the path to the Adobe Reader and Acrobat could be different in your system (especially if you are not using a 64 bit system).

C:\Program Files (x86)\EMET>emet_conf.exe --add "c:\program files (x86)\Adobe\Reader 9.0\Reader\acrord32.exe"

The changes you have made may require restarting one or more applications

We have been working closely with the Adobe Secure Software Engineering Team (ASSET) on recommending EMET as a mitigation option. Due to the time-sensitive nature of this issue, we have only been able to perform a cursory look at the functional compatibility of this mitigation. Keep in mind, Adobe Reader and Acrobat support broad feature sets, which require extensive testing to fully cover all functionality. Therefore, we recommend that you also test the mitigation in your environment to minimize any impact on your workflows."